NMAP DEMO CUM DISCUSSION

RAKESH SHUKLA,
SCIENTIST/ENGINEER “SG”,
HEAD SITS and Information Security Officer
ADRIN, DEPARTMENT OF SPACE, GOVT OF INDIA
EMAIL: [email protected]
 DISCLAIMER

This presentation is designed solely to provide helpful information and general guidance on the topic
discussed and should not be used as a substitute for any legal or professional advice.

This presentation includes material from third party sources and the copyright in such third party content
continues to be owned by the respective third parties. While best efforts have been used in preparing
this presentation, the presenter makes no representations or warranties of any kind and assumes no
liabilities of any kind with respect to the accuracy, completeness of the contents and specifically disclaim
any implied warranties of merchantability or fitness of use for a particular purpose or of the results
obtained from the use of the information provided herein. In no event shall the presenter nor its
organization/centre be held liable or responsible to any person or entity with respect to any loss or
incidental or consequential damages caused, directly or indirectly to the user or anyone else, by the
information contained herein or for any action taken or omitted by placing reliance on the information
contained herein.
 NMAP COMMANDS

COMMANDS
NMAP

This ping scan command returns a list of hosts on network and the total number of assigned IP
addresses.

When using this type of scan, Nmap sends TCP and UDP packets to a particular port, and then analyze
its response. It compares this response to a database of 2600 operating systems, and return information
 NMAP SCANNING EXAMPLES

COMMANDS
NMAP
 NMAP SCANNING EXAMPLES

COMMANDS
NMAP
 NMAP COMMANDS

COMMANDS
NMAP
 NMAP COMMANDS

COMMANDS
NMAP
 NMAP COMMANDS

COMMANDS
NMAP
 NMAP COMMANDS

COMMANDS
NMAP
 NMAP COMMANDS

COMMANDS
NMAP
 NMAP MADE EASY

COMMANDS
NMAP
 NMAP MADE EASY

COMMANDS
NMAP
 NMAP MADE EASY

COMMANDS
NMAP
 NMAP MADE EASY

COMMANDS
NMAP
 NMAP MADE EASY

COMMANDS
NMAP
 NMAP MADE EASY

COMMANDS
NMAP
 NMAP MADE EASY

COMMANDS
NMAP
 NMAP MADE EASY

COMMANDS
NMAP
 NMAP MADE EASY

COMMANDS
NMAP
 NMAP MADE EASY

COMMANDS
NMAP
 NMAP MADE EASY

COMMANDS
NMAP
 NMAP COMPLEX COMMANDS

COMMANDS
NMAP
 NMAP COMPLEX COMMANDS

COMMANDS
NMAP
 NMAP COMPLEX COMMANDS

COMMANDS
NMAP
 NMAP COMPLEX COMMANDS

COMMANDS
NMAP
 NMAP COMPLEX COMMANDS

COMMANDS
NMAP
 NMAP COMPLEX COMMANDS

COMMANDS
NMAP
 NMAP COMPLEX COMMANDS

COMMANDS
NMAP
 NMAP COMPLEX COMMANDS

Flood testing with Nmap

Nmap allows to launch flood attacks against
network to test how effective mitigation methods

COMMANDS
NMAP

are

nmap 192.168.1.105 -max-parallelism 800 -Pn --

script http-slowloris --script-args http-
slowloris.runforever=true
 NMAP OTHER OPTIONS
COMPARISON TABLE

Tool Speed Features Complexity Use Case Free/Paid

General-purpose
Nmap Moderate Comprehensive Moderate Free
scanning

COMMANDS
Zenmap High Comprehensive Low Comprehensive Free
NMAP

Quick scans of
Angry IP Scanner Moderate Basic scanning Low Free
small networks
Detailed
Vulnerability Free
OpenVAS Moderate High vulnerability
scanning (Community)
analysis
Vulnerability Enterprise
Nessus Moderate High Paid
scanning security audits
Web server Web server-
Nikto Low Moderate Free
scanning specific audits
Speedy scans
RustScan High Port scanning Low with deeper Free
analysis
NMAP
Conclusion

TOOL
 LEGALITY
Nmap is legal; however, that hinges entirely on
the purpose the user has for using it. Scanning
your own network is totally legal, but scanning
third-party networks may get you into legal
NMAP

TOOL
problems if you aren’t authorized, depending on
the country and state in which you live.There
are many nuances to—and opinions about—
port scanning legality. To help you avoid legal
issues, we recommend reading the official
implications detailed on the Nmap website.
 DISCLAIMER

This presentation is designed solely to provide helpful information and general guidance on the topic
discussed and should not be used as a substitute for any legal or professional advice.

This presentation includes material from third party sources and the copyright in such third party content
continues to be owned by the respective third parties. While best efforts have been used in preparing
this presentation, the presenter makes no representations or warranties of any kind and assumes no
liabilities of any kind with respect to the accuracy, completeness of the contents and specifically disclaim
any implied warranties of merchantability or fitness of use for a particular purpose or of the results
obtained from the use of the information provided herein. In no event shall the presenter nor its
organization/centre be held liable or responsible to any person or entity with respect to any loss or
incidental or consequential damages caused, directly or indirectly to the user or anyone else, by the
information contained herein or for any action taken or omitted by placing reliance on the information
contained herein.
Thanks for
Listening with great
patience